System requirements and compatibility

Requirements

Fall Creators Update (Version 1709) is the minimum build version supported. If your system is running on a version lesser than 1709,Citrix Receiver for Windows gets installed on the system.

Compatibility matrix

Compatible devices

IoT-compatible devices

Surface PC

Thin client

Phones

Surface Hub

Windows 10 S devices

Citrix Receiver for UWP is also compatible with all currently supported versions of XenApp, XenDesktop, StoreFront and NetScaler Gateway as listed in the Citrix Product Lifecycle Matrix.

Connections, Certificates, and Authentication

Thin client

Phones

Surface Hub

Windows 10 S devices

Citrix Receiver for UWP is also compatible with all currently supported versions of XenApp, XenDesktop, StoreFront and NetScaler Gateway as listed in the Citrix Product Lifecycle Matrix.

Connections, Certificates, and Authentication

Connections

HTTPS store

NetScaler Gateway 11.1 and 11.0

Secure connections

TLS

You can launch apps and desktops from Citrix Receiver for UWP only if the VDA is configured for TLS connections.For more information about configuring TLS on the VDA, see Transport Layer Security (TLS).

When TLS is configured on the VDA, the first connection attempt occurs using TLS 1.2. If TLS 1.2 is not supported, the connection falls back to TLS 1.1 or eventually TLS 1.0.When a wildcard certificate is configured, the TLS connection to the VDA is successful.

By default, the connection between the user device and NetScaler Gateway uses TLS.

The root certificate must be in the local key store so that the remote gateway’s certificate can be verified when a connection attempt occurs. If Citrix Receiver for UWP cannot verify the certificate, it displays a corresponding warning. If you continue through the warning, the list of applications is displayed; however, the applications do not launch.

The device must be configured with the correct date and time because Windows checks the certificate date against the device date.

Note

Citrix Receiver for UWP does not validate certificates. It is an SSL connection only if it is validated and trusted by the operating system.

Certificates

Private (self-signed)

Intermediate

Wildcard

Private (self-signed) certificates

If a private certificate is installed on the remote gateway, the root certificate of the organization’s certificate authority must be installed on the user device. This ensures successful access to virtual desktops and applications using Citrix Receiver for UWP.

To install a self-signed certificate, download the certificate on the device and run the following command from a command line:
certutil –f –addstore –user root NameOfCert.cer

Administrator-level credentials are required to run the above command.

Intermediate certificates and NetScaler Gateway

If your certificate chain includes an intermediate certificate, the intermediate certificate must be appended to the NetScaler Gateway server certificate. For more information on configuring certificate, see Knowledge Center article CTX122955

Wildcard certificates

Wildcard certificates are used in place of individual server certificates for any server within the same domain. Citrix Receiver for UWP supports wildcard certificates.

Authentication

For connections to virtual desktops and apps, Citrix Receiver for UWP supports StoreFront and Web Interface.

StoreFront configured with Receiver for website
Provides access to the store from a web browser. On a session, the user is prompted to open an ICA file to continue.

Connections

Citrix Receiver for UWP supports HTTPS through any of the following configurations.

For LAN connections:

StoreFront using https.
Note: Only HTTPS store configuration is supported. HTTP store configuration is not supported.

For secure remote or local connections:

Citrix NetScaler Gateway 11.1 and 11.0

About secure connections and SSL certificates

TLS

You can launch apps and desktops from Citrix Receiver for UWP only if the VDA is configured for TLS connections.For more information about configuring TLS on the VDA, see Transport Layer Security (TLS).

When TLS is configured on the VDA, the first connection attempt occurs using TLS 1.2. If TLS 1.2 is not supported, the connection falls back to TLS 1.1 or eventually TLS 1.0.When a wildcard certificate is configured, the TLS connection to the VDA is successful.

By default, the connection between the user device and NetScaler Gateway uses TLS.

The root certificate must be in the local key store so that the remote gateway’s certificate can be verified when a connection attempt occurs. If Citrix Receiver for UWP cannot verify the certificate, it displays a corresponding warning. If you continue through the warning, the list of applications is displayed; however, the applications do not launch.

The device must be configured with the correct date and time because Windows checks the certificate date against the device date.

Citrix Receiver for UWP does not validate certificates. Its an SSL connection only if it is validated and trusted by the operating system.

Private (self-signed) certificates

If a private certificate is installed on the remote gateway, the root certificate of the organization’s certificate authority must be installed on the user device. This ensures successful access to virtual desktops and applications using Citrix Receiver for UWP.

To install a self-signed certificate, download the certificate on the device and run the following command from a command line:
certutil –f –addstore –user root NameOfCert.cer

Administrator-level credentials are required to run the above command.

Intermediate certificates and NetScaler Gateway

If your certificate chain includes an intermediate certificate, the intermediate certificate must be appended to the NetScaler Gateway server certificate. For more information on configuring certificate, see Knowledge Center article CTX122955

Wildcard certificates

Wildcard certificates are used in place of individual server certificates for any server within the same domain. Citrix Receiver for UWP supports wildcard certificates.

Authentication

Authentication to StoreFront

Domain

Security token

Two-factor authentication (Domain plus Security token)*

*Available only in deployments that include NetScaler Gateway.

Authentication to Web Interface

Web Interface uses the term “Explicit” for domain and security token authentication.

Domain

Security token

Two-factor authentication (domain plus security token)*

*Available only in deployments that include NetScaler Gateway, with or without the NetScaler Gateway plug-in installed on the device

After authenticating a user, Citrix Receiver for UWP saves user account details. The account name is My Virtual Apps.

Citrix Receiver for UWP supports the storage of only the domain and user name of a single account. Multiple accounts and the storage of passwords and passcodes are not supported. You can edit or remove the user account from the Settings option.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.